CVE-2019-6443 – NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
https://notcve.org/view.php?id=CVE-2019-6443
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ctl_getitem. • https://www.exploit-db.com/exploits/46175 https://dumpco.re/blog/ntpsec-bugs https://dumpco.re/bugs/ntpsec-oobread1 https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS • CWE-125: Out-of-bounds Read
CVE-2019-6444 – NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
https://notcve.org/view.php?id=CVE-2019-6444
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd. NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ntp_control. • https://www.exploit-db.com/exploits/46176 https://dumpco.re/blog/ntpsec-bugs https://dumpco.re/bugs/ntpsec-oobread2 https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS • CWE-125: Out-of-bounds Read
CVE-2019-6445 – NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC)
https://notcve.org/view.php?id=CVE-2019-6445
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem. NTPsec version 1.1.2 suffers from a NULL pointer dereference vulnerability in ntp_control. • https://www.exploit-db.com/exploits/46177 https://dumpco.re/blog/ntpsec-bugs https://dumpco.re/bugs/ntpsec-authed-npe https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS • CWE-476: NULL Pointer Dereference
CVE-2019-6442 – NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2019-6442
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y. NTPsec version 1.1.2 suffers from a config-related out-of-bounds write vulnerability. • https://www.exploit-db.com/exploits/46178 https://dumpco.re/blog/ntpsec-bugs https://dumpco.re/bugs/ntpsec-authed-oobwrite https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS • CWE-787: Out-of-bounds Write